From: Nikita Popov Date: Thu, 19 Sep 2019 12:16:36 +0000 (+0200) Subject: Fix exif leak on duplicate copyright tags X-Git-Tag: php-7.2.24RC1~37 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3e139a465333d3b2bed4d23e42316ea952d96dd8;p=php Fix exif leak on duplicate copyright tags --- diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 984c915639..25cec40df8 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3418,6 +3418,9 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha if (byte_count>1 && (length=php_strnlen(value_ptr, byte_count)) > 0) { if (lengthCopyrightPhotographer); + EFREE_IF(ImageInfo->CopyrightEditor); + EFREE_IF(ImageInfo->Copyright); ImageInfo->CopyrightPhotographer = estrdup(value_ptr); ImageInfo->CopyrightEditor = estrndup(value_ptr+length+1, byte_count-length-1); spprintf(&ImageInfo->Copyright, 0, "%s, %s", ImageInfo->CopyrightPhotographer, ImageInfo->CopyrightEditor); @@ -3425,6 +3428,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha /* but we are not supposed to change this */ /* keep in mind that image_info does not store editor value */ } else { + EFREE_IF(ImageInfo->Copyright); ImageInfo->Copyright = estrndup(value_ptr, byte_count); } } diff --git a/ext/exif/tests/duplicate_copyright_tag_leak.phpt b/ext/exif/tests/duplicate_copyright_tag_leak.phpt new file mode 100644 index 0000000000..c5d5019794 --- /dev/null +++ b/ext/exif/tests/duplicate_copyright_tag_leak.phpt @@ -0,0 +1,12 @@ +--TEST-- +OSS-Fuzz #17474: Memory leak on duplicate Copyright tags +--FILE-- + +===DONE=== +--EXPECTF-- +===DONE=== diff --git a/ext/exif/tests/duplicate_copyright_tag_leak.tiff b/ext/exif/tests/duplicate_copyright_tag_leak.tiff new file mode 100644 index 0000000000..48c7fe61ff Binary files /dev/null and b/ext/exif/tests/duplicate_copyright_tag_leak.tiff differ
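Review bot: The three `EFREE_IF` calls added ahead of the `estrdup`/`estrndup`/`spprintf` assignments carry no comment saying why these fields can already be populated here, so a later cleanup could remove them as redundant. I would add `/* a file may carry several Copyright tags; release the strings stored by an earlier one */` above `EFREE_IF(ImageInfo->CopyrightPhotographer);`. The frees leave no dangling pointer only because each field is overwritten by the three statements that follow; whether `EFREE_IF` itself resets the pointer is not visible in this hunk. exif_process_IFD_TAG starts and ends outside the hunk.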
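Review bot: In the `else` branch only `ImageInfo->Copyright` is released, so when an earlier Copyright tag took the two-string branch, `CopyrightPhotographer` and `CopyrightEditor` keep that earlier tag's values while `Copyright` now holds the later one. If the three fields are meant to describe the same tag, this branch should also clear the other two, e.g. `EFREE_IF(ImageInfo->CopyrightPhotographer); ImageInfo->CopyrightPhotographer = NULL;` and the same for `CopyrightEditor`. How the fields are reported afterwards is outside the hunk, so the mixed state may be intended. A regression case with a two-string tag followed by a single-string tag would pin the behaviour either way. The enclosing function continues outside the hunk.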